Secure Dynamic Network and Protocol (SDNP)
In addition to the ECC, ECDH, AES, HMAC and SHA3 cryptographic algorithms, HyperID uses its own proprietary encryption protocol called Secure Dynamic Network and Protocol (SDNP).
SDNP through OSI layers
Secure exchange of user data between HyperID services is strengthened by the use of Secure Dynamic Network and Protocol, hereafter SDNP.
This patented protocol combines autonomous dispatcher-based packet multi-routing and fragmented data transport of anonymous packets with dynamic encryption and state-based concealment techniques to repel packet hijacking, man-in-the-middle attacks, and metadata surveillance.
In SDNP, the content of data packets is not carried serially by coherent packets containing information from a common source, but in fragmented form, dynamically mixing and remixing content emanating from multiple sources, so that each packet agglomerates incomplete snippets of data with junk data.
The SDNP model is based on the premise that all encrypted files have a limited “shelf life”, meaning that encrypted data is secure for only a finite period of time and that confidential data must be re-encrypted dynamically at regular intervals.
SDNP encryption therefore involves converting data from unencrypted plaintext into ciphertext repeatedly and frequently, rendering the information incomprehensible and useless. Even if a given packet’s data encryption is miraculously broken, by employing SDNP’s dynamic encryption methods, the next data packet utilizes a completely different encryption key or cipher and requires a completely new effort to crack its encryption.
By limiting the total content of each uniquely encrypted data packet, the potential damage of unauthorized access is mitigated because an exposed data packet contains, by itself, a data file too small to be meaningful or useful to a malicious party.
SDNP Data Scrambling
SDNP packet scrambling involves rearranging the data segments out of sequence, rendering the information incomprehensible and useless.
The scrambling operation can use any algorithm, numerical method, or sequencing method. The algorithm may represent a static equation or include dynamic variables or numerical seeds based on “states,” such as the time when the scrambling occurred, and a numerical seed generated by a seed generator, which may generate the seed using an algorithm that is also dependent on a state, such as the time of the scrambling.
Time and seed may be used to select a specific algorithm and may also be used to select or calculate a specific scrambling operation chosen from a list of available scrambling methods (scrambling algorithms).
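The state-based scrambling described above, as an added example that is not HyperID's code or the SDNP specification: a seed derived from the time state selects one method from a list and drives the reordering of segments, and a receiver holding the same state reverses it. The HMAC-SHA3 seed derivation, the three methods, the shared secret and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import random

def _shuffle(n, rng):
    order = list(range(n))
    rng.shuffle(order)
    return order

def _rotate(n, rng):
    k = rng.randrange(1, n) if n > 1 else 0
    return [(i + k) % n for i in range(n)]

def _reverse_rotate(n, rng):
    return _rotate(n, rng)[::-1]

# Hypothetical list of available scrambling methods.
METHODS = [_shuffle, _rotate, _reverse_rotate]

def derive_seed(secret: bytes, state_time: int) -> bytes:
    """Seed generator: the seed depends on the state (time) and a shared secret."""
    return hmac.new(secret, state_time.to_bytes(8, "big"), hashlib.sha3_256).digest()

def segment_order(seed: bytes, n: int) -> list:
    """The seed selects the method and drives it; result is a permutation of range(n)."""
    rng = random.Random(int.from_bytes(seed, "big"))  # illustration only, not a CSPRNG
    return METHODS[seed[0] % len(METHODS)](n, rng)

def scramble(segments, secret, state_time):
    order = segment_order(derive_seed(secret, state_time), len(segments))
    return [segments[i] for i in order]

def unscramble(scrambled, secret, state_time):
    order = segment_order(derive_seed(secret, state_time), len(scrambled))
    restored = [None] * len(scrambled)
    for position, source in enumerate(order):
        restored[source] = scrambled[position]
    return restored

# Constructed sample data: an 8-segment payload and a shared secret.
SEGMENTS = [b"SEG%d" % i for i in range(8)]
SECRET = b"constructed-shared-secret"

if __name__ == "__main__":
    t = 1700000000  # constructed state: time of scrambling, in seconds
    mixed = scramble(SEGMENTS, SECRET, t)
    print(mixed)
    print(unscramble(mixed, SECRET, t) == SEGMENTS)      # same state restores the order
    print(unscramble(mixed, SECRET, t + 1) == SEGMENTS)  # a different state usually does not
```

Sender and receiver must agree on the state value exactly, so a time-based state has to be quantized or carried alongside the packet for unscrambling to succeed.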
Another key element of SDNP is its ability to split data packets into sub-packets, to direct those sub-packets into multiple routes, and to mix and recombine the sub-packets to reconstruct a complete data packet.
The presence of junk data segments inserted into a data packet also makes it difficult for attackers to distinguish real data from noise. A “junk” packet or data segment is a packet or data segment that consists entirely of meaningless data (bits). These junk bits can be introduced into a stream of data packets, obfuscating real data in a sea of meaningless bits.
Splitting a data packet into smaller pieces offers unique advantages such as supporting multipath transport, i.e. transmitting the data packets over multiple and different paths, and facilitating unique encryption of constituent sub-packets using different encryption methods.
SDNP Routes Mixing
When transporting packets over constantly changing routes, no single communication node carries successive packets of related information.
By preventing the aggregation of data packet identity, ownership, routing, content and other metadata, SDNP packets evade advanced analytic cyberattack methodologies. Using the previously described method of splitting and mixing, groups of data segments may be separated or removed from one data packet, combined with or merged into another data packet, and sent on a trajectory to a destination different from the one from which they came.
The advantage of the disclosed realization of data fragmentation and transport is that even unencrypted and unscrambled data packets are nearly impossible to interpret because they represent the combination of unrelated data and data types.
The combination of the aforementioned methods facilitates multi-dimensional security far beyond the security obtainable from static encryption.
Each packet’s fragmented content, and the secrets used to create it, remain valid for only a fraction of a second before the packet is reconstituted with new fragments and new security provisions such as revised seeds, keys, algorithms, and secrets. The limited duration in which a malicious actor can break and open the state-dependent SDNP data packet further enhances SDNP security.